Again?
Maybe the standards bodies should run a new standard the way NIST does for encryption algorithms. Perhaps they wouldn't look so bad as someone always breaks it the way it is currently done. I mean really, after all this time it's that easy?
Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protections. Mathy Vanhoef, of New York University Abu Dhabi, and Eyal Ronen, of Tel Aviv University, have disclosed five different methods for breaking into or disrupting …
They rolled their own handshaking protocol and kept it secret, so no one with a clue was surprised to see it broken. Its almost as if that was their goal, so they can go to WPA4 and sell everyone new routers - though this happened so quickly hardly anyone has WPA3 routers yet.
a substantial number of the standards development engineers that I have encountered in communications technology standards development have apparently both overt and covert agendas; there be squirrels.
I think it is even legal nowadays, but it wasn't when I first noticed the subversion.
Personally speaking. WiFi security has a long track record of being terrible, and I expect that won't change anytime soon. So I stopped relying on it a long time ago. What I do instead is run my WiFi AP as its own subnet, and the only thing you can do through it is to connect to the VPN server that I run.
If any attackers break the WiFi security, it gets them nothing. They'll have to go on to break the VPN security as well.
"WiFi security has a long track record of being terrible"
You really need to add "using pre-shared keys".
If you are running a VPN server, use RADIUS and run one of the EAP solutions (EAP-TLS is recommended) as it allows you to rotate your session keys which significantly limits the available wifi attacks. And allows you to avoid any VPN packet header overhead issues.
It's not quite as secure as the highest security VPN options (limited to AES128 but no PFS options) but should exceed most requirements. WPA3 adds perfect forward secrecy (PFS) and protected management frames which should provide a small bump in security, but I suspect it opens the way to WPA4 for AES256 with further improvements given how common AES-NI offload hardware has become.
Yes, I'm aware of that alternative. The problem is that when I use it and then pentest my setup, I can still break into it. Not as quickly, certainly, but if I'm running an always-on WiFi AP in a fixed location, the amount of time required to break it is not important.
> And allows you to avoid any VPN packet header overhead issues.
VPN overhead is not something that is a problem for me. It's plenty fast.
Note that the client performs the same authentication procedure as the router. Therefore the side-channel methods also apply to the client. This means that observing the memory access patterns is far more of an issue on the client.
The downgrade attacks also are against the client, not the router. The attacker spoofs the access point, and tells the client that it doesn't support WPA3, so the client tries WPA2.
Cryptography is hard - in theory and even more so in implementation. Side channels are hard to eliminate or whiten.
There are formal methods and automated systems which could be applied to the design and implementation of cryptographic protocols and would catch some of these issues, but they're expensive and difficult to use in practice, and expertise in them is scant.
That said, wireless-communications crypto in particular has an unfortunate history, from WEP to the original Bluetooth spec to A5/1 to this set of vulnerabilities in WPA-3. The Wi-Fi Alliance and similar groups might want to think about some changes to their procedures.
@sitta_europea
does not need much wizardry, its a weakness of the old protocol really. If you change the process too much there will be no back compatibility for the billions of devices out there. This would probably mean the no adoption at all, even if better. This is a battle IT will never win, as backward compatibility protocol "downgrades" appear in all sorts of places.